Join 3,438 readers in helping fund MetaFilter (Hide)


Terrist messages in digital photographs questioned
July 18, 2002 9:16 AM   Subscribe

Terrist messages in digital photographs questioned (salon.com). Last week, USA Today raised a stir by claiming that terrorists were trading hidden messages in images on ebay by the "hundreds" using an uncited source. Salon contacting other sources willing to go on the record found that finding hundreds of hidden messages requires sampling more files than were posted to ebay in the past year. In addition steganography analysis turns up a high rate of false-positivies. Is this a case of seeing what we want to see like the Bacon-Shakespeare ciphers?
posted by KirkJobSluder (18 comments total)

 
I think it's more a case of seeing what we want to see as in John Nash's hallucinations in "A Beautiful Mind". Remember how he looks at all those random newspaper and magazine articles and sees secret messages beaming back at him?
posted by Faze at 9:23 AM on July 18, 2002


Interesting to note that stenography software like Camera/Shy is being developed to circumvent governments that filter web content.
posted by Fstop at 9:29 AM on July 18, 2002


This sounds like a twisted verion of the news from a while back that stegdetect found a lot of +ves at azzam after reports on USA Today.

See politech here and here.
posted by andrew cooke at 9:44 AM on July 18, 2002


Sorry, should have read more carefully. It's the same story and the first politech link (scroll down to second part of message) suggests that the finds are indeed significant.
posted by andrew cooke at 9:46 AM on July 18, 2002


i dunno about steganography (isn't that something your secretary takes while sitting in your lap?) but i just loved that KirkJobSluder spelled terrorist the way dubya pronounces it!
posted by quonsar at 11:05 AM on July 18, 2002


You have to be terribly careful about claims of detecting steganography, which of course runs contrary to your best interests if you provide snake-oil you claim detects steganography, deal in paranoia that sells newspapers or are a government getting people to trade civil liberties for perceived short term gains in security.

The problem with steganography detection is that you probably don't have access to enough information to determine if there really is a message hidden in an image. Steganography works by making imperceptible changes to the intensity of pixels in an image. If you have the original image (right down to any artifacts introduced by jpeg) then you might be able to determine that a given copy of an image contains some additional information riding along with it. You usually don't have access to this however. It isn't good enough to have a different source jpeg (or other format).

Even if you are 100% certain you have the source jpeg there are many ways of generating a false positive. Suppose our ebay seller grabs a picture off the internet. It's in jpeg format. He's selling whatever is in the image and he wants to add a bit of text saying "L@@K HERE!". When he adds this text over the image he alters it, not just the portions where the text appears but other areas due to the way jpeg performs its voodoo in compressing images.

It's easy to get a false positive for steganography this way, even if you mask out the text itself. So all you can easily tell is that there has been some alteration to the image, but it might just be due to artifacts introduced by the jpeg process.

So maybe we apply some statistics to the differences and try to determine if there's any semantic content. Messages would have to be fairly small, otherwise your eye will notice something is wrong and they may not be in an unknown language. How do you apply statistical analysis to this?

Suppose I'm a very smart person. Not only do I use steganography, the messages I conceal are actually coded messages (think of "One if by land, and two by sea"). This quickly becomes an intractable problem.
posted by substrate at 11:58 AM on July 18, 2002


The way you describe it substrate, which I think is accurate, it sounds like an easy slide into paranoia.

How do you determine semantic content in subtle alteration? Take this into the real world for a moment.

Flyers on telephone poles seem to be in brighter colors than usual or some have been "moved around" since the original posters have placed them there. Perhaps terrorists are using subtle flyer arrangements to transmit messages.

Perhaps they are using public webcams? If you see a certain object in the frame (basketball) at a certain time then that is a "go" signal. etc. etc. Intractable problem indeed, especially if its some sort of cipher with a one-time pad.
posted by vacapinta at 12:53 PM on July 18, 2002


I glanced at the Shakespeare is really Bacon stuff and sure enough, the "Funeral Elegy" is really Shakespeare who is Bacon. The only problem: even the scholar who made the claim that hit spoem was a a newly discovered work by Shakespeare now admits he was dead wrong. So that means Shakespeare is Bacon is not Shakespeare and I guess not Bacon either. Eggs on a hard roll and please hold the bacon.
posted by Postroad at 12:53 PM on July 18, 2002


I've never quite understood the fascination with this. Steganography, from my point of view, is an excellent way of concealing information on a specific computer, or of transmitting a specific concealed message to a specific person. Once you get into a broadcast technology like a website, the message management becomes a major problem. How do you tell your contact which image to look at, especially on a constantly-changing site like Ebay? If you can contact them with THAT specific of information, why can't you just send them a concealed message that way? It doesn't make a whole lot of sense.
posted by dhartung at 1:17 PM on July 18, 2002


Actually, Substrate, I don't think they're doing source comparison for the steganography detection. Here's the method used by StegDetect (or, at least, a method that may be used by some application). Rather that attempting to map difference between the unaltered and altered image, this method relies on detecting statistical anomalies in images that result from adding information to it.

For example, by changing the intensities of pixels in an image randomly, you modify the image but don't add information to it. But, by ordering the changes in intensity to carry a message, you add information. This change can be detected statistically.

I don't think it should be too hard to modify Seti@Home into Steggy@home, right? Somebody ring up David Anderson!
posted by daver at 1:21 PM on July 18, 2002


dhartung - person 1 has a message to send to person 2.

person 1 codes his message in ebay auction item and posts it on ebay.

person 1 sends a message to person 2 via the "Send this auction to a friend" link on his auction.

Person 2 follows the link to ebay auction. Takes the .jpg of the item to be auctioned and decodes the message.

all done via seemingly innocent email exchange.
posted by Nauip at 1:56 PM on July 18, 2002


It might be hard to detect when steganography is used and tests may produce false positives. But if you get significantly more detections on one set of images, from one source, than you do from a control source, then you have something interesting in the test group.

(This depends, of course, on your control images being "similar" to the test images).

This use of images (if real) is done to avoid traffic analysis. A and B don't want M to know that they are swapping information. If it were only about encryption then A and B could just send each other encrypted messages. So, contrary to what the article says, you can get useful information from simply identifying these images (ie without decoding the message they contain) - if, for example, one person only ever downloaded images that appeared to contain hidden data, then they're a big candidate for being B.
posted by andrew cooke at 2:35 PM on July 18, 2002


Hide in Picture allows you to conceal and password-protect entire files inside of bitmap images. Source code is located on this page as well.
posted by Danelope at 2:53 PM on July 18, 2002


daver, I know that they use statistical means and not direct comparision. My point is that statistical methods would have to be hugely unreliable and also easily defeatable.

If it really relies on statistics, then you're correct, random fluctuations would appear different than encoding a plain text message. What if I'm smart though, and encrypt my message first? An encrypted message will have a random distribution now your statistical detection fails.

If I were going to encode secret messages in images then I'd go a step further. I'd use encoding. Now a message isn't actually being added to the image, rather, a codebyte is. So you've set 8 bits in the image and can relay one of 256 messages.

From what I googled between posts it appears that most steganography detection software looks for signatures of specific applications alongside statistical anomalies. This is a bit easier, sort of like detecting PGP encrypted email. The big banner that says its PGP encrypted is a dead giveaway.
posted by substrate at 3:09 PM on July 18, 2002


Why even bother... just work according to a code where an auction of a certain item, with a code word in the description, becomes itself a message without need for further communication.

If the codeword is somewhat unusual, you can even post the auction in question in a group which has very large numbers of transactions happening at any given time.

That is hardly a very secret or clever technique.

Fact is, if two people really want to communicate something to each other, there are many, many ways to do so. I always get a little suspicious when high-tech communications are "discovered" by companies who stand to make a buck selling technologies that would purport to help detect further such communications... it smacks of the "syndrome of micromastia" (small breasts), something invented by breast implant manufacturers...
posted by clevershark at 6:30 PM on July 18, 2002


...Pekar checks to see if micromastia.com is taken...
posted by pekar wood at 7:33 PM on July 18, 2002


Terrist? Terrist?!

Hmm... perhaps they're encoding their secret messages in the misspellings on websites!
posted by Lionfire at 10:26 PM on July 18, 2002


Terristfilter?
posted by y2karl at 10:56 PM on July 18, 2002


« Older The WebPlayer is a Shockwave app that turns a web ...  |  Is this astoundingly bad timin... Newer »


This thread has been archived and is closed to new comments